China is, as expected, taking advantage of the recent wave of US federal layoffs. A network linked to Chinese intelligence is using fake job ads, made-up consulting firms, and shell companies to target former government workers. The goal is to trick them into sharing sensitive information—sometimes without even realizing it, a Reuters report claimed.
Cybersecurity researchers uncovered the campaign, and US officials have confirmed it. It comes as thousands of federal employees are losing their jobs under the Donald Trump administration’s “Department of Government Efficiency,” or DOGE. Many of those being targeted have experience in national security, technology, or intelligence work.
As per the Reuters report, China’s strategy is simple: find people who are out of work and vulnerable. The job ads are posted on familiar sites like LinkedIn and Craigslist and often look legitimate. But behind them is a quiet effort to collect secrets from people who used to help protect them.
Why it matters
- The Justice Department recently charged eight Chinese nationals in a sprawling cyber espionage campaign — a small piece of what the FBI has long warned is the most expansive hacking program on the planet.
- Beijing’s operations are increasingly stealthy, structured, and synchronized with China’s national strategy. Experts now warn that the most dangerous cyber activity may not be a viral malware or ransomware attack — but the subtle cultivation of real-world sources within US agencies.
- Add to that the wave of mass federal layoffs under Trump’s DOGE initiative, and analysts say China is seizing a rare opportunity to exploit thousands of newly unemployed US officials with security clearances.
- The use of job scams to recruit foreign assets isn’t new—nor is it unique to China. The CIA has used similar tactics to try and flip Russian officials, even releasing recruitment videos on dark web forums and Telegram channels.
- But China’s efforts are more covert, more prolonged, and now possibly more effective. Holden Triplett, who led FBI offices in Beijing and Moscow, calls the current environment a “recruiter’s dream.”
The target: Fired, frustrated, and in possession of secrets
- As per a CNN report, the Chinese campaign is emerging just as the US federal government undergoes an aggressive restructuring. Following Trump’s order to eliminate “waste, bloat, and insularity,” thousands of workers have been cut—many in intelligence, defense, and cybersecurity. Eleven CIA and DNI employees were let go following the shuttering of diversity and equity programs. Others face termination in an ongoing agency-wide reorganization.
- Officials within the intelligence community are alarmed. A redacted document from the Naval Criminal Investigative Service states with “high confidence” that foreign adversaries are actively working to recruit these laid-off employees. According to CNN, some of these workers were not even given standard exit briefings that typically include warnings about foreign approaches.
- Now, Beijing appears to be exploiting that gap—approaching former officials through seemingly legitimate companies and employment channels.
- “It doesn’t take a lot of imagination to see that these cast-aside federal workers with a wealth of institutional knowledge represent staggeringly attractive targets to the intelligence services of our competitors and adversaries,” one US official said.
Between the lines
A recent investigation by Reuters and cyber researcher Max Lesser revealed that a network of fake consulting firms, tied digitally to a mysterious Chinese company called Smiao Intelligence, has been actively recruiting former US government workers.
- Some job ads specifically targeted “recently laid-off US federal employees.”
- Addresses listed for these firms often led to empty lots or shell companies.
- One employee told Reuters he was paid thousands of dollars to post job listings by two anonymous Chinese contacts named “Eric” and “Will.”
The companies involved — like RiverMerge Strategies and Wavemax Innovation — appear legitimate at first glance but are part of a larger web that shares servers, phone numbers, and contact links with Smiao.
“What makes this activity significant is that the network seeks to exploit the financial vulnerabilities of former federal workers affected by recent mass layoffs,” said Lesser.
The US intelligence community has assessed with “high confidence” that both China and Russia are aggressively targeting these displaced workers, especially those with access to critical infrastructure or national security knowledge.
Zoom in
- This isn’t just a few phishing emails — it’s a systemic campaign.
- Platforms: LinkedIn, TikTok, Reddit and Craigslist are being used to find disaffected or recently terminated government workers.
- Tactics: Foreign operatives pose as recruiters or consultants. Some ask if applicants are “open to work,” then escalate to requests for insider knowledge or referrals.
- Targets: Probationary employees (often with less job protection), DEI-related officers terminated by Trump orders, and even undercover CIA recruits.
- In a high-profile example from 2020, a Singaporean national named Jun Wei Yeo pleaded guilty in US court to acting as a Chinese agent. He created a fake consulting firm and recruited American sources via job ads, paying them to write intelligence reports — without ever disclosing the client was the Chinese government.
The big picture
As per a report in the Economist, China’s cyber operations have evolved dramatically over the past decade. What began as noisy hacks from visible Shanghai servers has become a refined intelligence machine with three overlapping goals:
- Political espionage: The MSS (Ministry of State Security), China’s main foreign intelligence arm, has led high-value operations like Salt Typhoon, which breached nine US telecom firms — exposing officials’ calls and texts.
- Pre-positioning for sabotage: Volt Typhoon, a PLA-linked group, infiltrated power plants, ports, and water facilities across the US and Guam. These are not just probes — they’re laying groundwork for potential wartime disruption.
- Intellectual property theft: China’s hackers have siphoned blueprints, trade secrets and business strategies from US firms for years. Former NSA chief Keith Alexander once called it “the greatest transfer of wealth in history.”
Now, a new frontier is opening: human intelligence, via sophisticated job scams designed to lure freshly terminated federal employees.
“What separates China from their peers like Russia, North Korea and Iran”, says Mr Hultquist, is that those states routinely cross the line from espionage to disruption, from spying and reconnaissance to outright sabotage. China has “never pulled the trigger”, he says. Even in American infrastructure networks, China has stopped short of inserting destructive code. “We can see them doing the reconnaissance. We can see them getting into place. They’re not showing us the weapon.”
An article in the Economist
What they’re saying
- Holden Triplett, ex-FBI counterintelligence director: “Employees that feel they have been mistreated by an employer have historically been much more likely to disclose sensitive information.” “We may be creating, albeit somewhat unintentionally, the perfect recruitment environment,” Triplett told CNN.
- David Aaron, former DOJ prosecutor: “Foreign intelligence services often use job recruitment scams to recruit sources without them even knowing they are working for a foreign government.”
- White House spokesperson: “Both active and former government employees must recognize the danger these governments pose and the importance of safeguarding government information.”
- Chinese Embassy: “China respects data privacy and security” and was “unaware of any entities involved in such campaigns.”
The intrigue
China’s hacking ecosystem isn’t limited to government operatives.
Chengdu, home to the MSS-linked firm i-Soon, has become a hotbed of cyber talent. The city hosts elite hacking contests like the Tianfu Cup and Wangding Cup, dubbed China’s “cyber Olympics.” Winners’ exploits — like software vulnerabilities — are funneled directly into government databases.
A leaked trove from i-Soon revealed operations targeting Nepal’s presidential palace, Taiwanese mapping data, Indian immigration systems, and even Thai intelligence. The documents showed disorganization — but also remarkable ambition and global scope.
What’s next
US agencies are scrambling to blunt the impact:
- CIA and Defense officials are quietly reviewing layoff protocols.
- Intelligence leaders are urging stronger post-employment exit briefings.
- LinkedIn says it’s increasing efforts to detect and remove fake recruiters.
But experts say the damage may already be happening. One former intelligence official warned, “We may be building the perfect storm — cutting loose people with secrets and then hoping no one comes calling.”
“This isn’t reality TV,” a former intelligence official told CNN. “There are consequences.”